While Work-From-Home Conference Calls Soar in Popularity, So Do Zoom Privacy Issues

UPDATED 12/8/2020- With so many people working and socializing from home, more than just businesses – employees, families and friends – are trying to find a place to gather (hold virtual meetings, religious services, game nights, birthday parties and happy hours). Zoom has become “that meeting place” for most. According to the Chief Executive of Zoom, in December the video platform had approximately 10 million users, to currently over 200 million users.

While Zoom has become popular rather quickly, some of its security vulnerabilities have taken the spotlight too. Some of the recent Zoom privacy issues have included user data being sent to Facebook and a flaw leaving Mac users vulnerable to their microphones and webcams being accessed. Another Zoom privacy issue has included a lack of password protection. That has led to some meetings being “Zoom-bombed,” like an AA meeting where trolls harassed those participating in the recovery process.

Zoom executives have come out and said they are working to address the Zoom security problems, including enabling passwords by default in all future meetings, clarifying its encryption practices, releasing fixes for Mac-related issues and more.

In the meantime, there are few things users can do to make sure their Zoom meetings are secure.

Protecting Meetings

Zoom now offers its users multiple ways to protect their meetings. Users can secure a meeting with end-to-end encryption, create waiting rooms for attendees, require a host to be present before the meeting begins, lock a meeting and more. These features can be found in the host settings. These Zoom privacy measures can also help reduce the risk of someone getting into a meeting that does not belong and “Zoom-bombing” the meeting.

Protecting Data

According to Zoom’s website, recordings can be stored locally on the host’s device with the local recording option or on the Zoom Cloud with the Cloud Recording option that is available for customers who are paying for Zoom’s services. The meeting host can manage their recording through a secured interface and the recording can either be shared, downloaded or deleted. Zoom phone voicemail recordings are also processed and stored in the Zoom Cloud and can be managed through Zoom Client. Meeting hosts can manage the Zoom data settings in the settings tab.

Protecting Privacy

Zoom currently stores user email addresses, passwords, names, company names, phone numbers and profile pictures. Company names, phone numbers and adding a profile picture are optional for users. If a user is concerned about their Zoom security, they can elect to only provide their name, email address and password. Users will not be asked to provide any personally identifiable information and should report any message asking them to do so directly to Zoom because it could be a scam.

Oversharing

While Zoom has taken responsibility for its security issues, it is important users do their part. Oversharing their meeting information on social media can lead to some scary consequences, making it easier for others to join what was intended to be a private Zoom meeting. It could also lead to information in someone’s profile settings being stolen. To prevent oversharing, users should not post meeting information on any of their social media platforms. Instead, send the invitation directly to the person they would like to invite. Also, consider revisiting what level social media privacy and security settings are set – otherwise, users may be sharing more information than they intended with people they shouldn’t.

Avoiding Zoom Scams

Security issues are not the only problem Zoom is running into. Zoom phishing attacks are making the rounds threatening employees that their contracts will be terminated, and then asking recipients to input their login credentials in a fake Zoom login page. According to Check Point Research, scammers registered more than 2,449 Zoom-related domains from late April to early May.

There are also Zoom phishing scams saying people received a video conference invitation, like the one the Identity Theft Resource Center received that is pictured below. The email looks real because it is sent with “High Priority” as indicated by the red exclamation point. It is generically from “Zoom” and there is no name of the sender. However, if you hover over the email address with your mouse, it shows a full address that is gibberish. Do not click on links you are not expecting. Rather, go directly to your Zoom account to manage any invitations. At the bottom, there is also no contact information or business logo verifying it is the company.

In a statement to NBC 7 San Diego, a Zoom representative said that there are three web addresses that may appear in a legitimate invitation.

• Zoom.us
• Zoom.com
• Zoom.com.cn

The rest of the statement said:
“Users across all services and technology platforms should be cautious with e-mails or links received from unknown senders, and they should take care to only click on authentic links to known and trusted service providers. Zoom users should be aware that links to our platform will only ever have a zoom.us, zoom.com or zoom.com.cn domain name. Prior to clicking on a link, users should carefully review the URL, being mindful of lookalike domain names and spelling errors.”

If anyone ever comes across a Zoom email they are not expecting, they should ignore it and go to their work manager to verify whether or not it is real.

The current times are unprecedented and people are doing what they can to stay connected. Zoom and other video conferencing platforms will continue to play a large role during these times – and beyond. However, being aware of some of the Zoom privacy pitfalls, and can be done to keep themselves and their information safe while they are on their next virtual meeting, game night or happy hour should be the first priority.

The current times are unprecedented and people are doing what they can to stay connected. Zoom and other video conferencing platforms will continue to play a large role during these times – and beyond. However, being aware of some of the Zoom privacy pitfalls, and can be done to keep themselves and their information safe while they are on their next virtual meeting, game night or happy hour should be the first priority.

If people have questions regarding their privacy settings, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor toll-free.

For those that cannot access the website, call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.

---

You might also be interested in…

• IRS Stimulus Check Scams Ramp Up
• Someone Is Going Door-to-Door During COVID-19? Be Wary 
• Coronavirus Testing Robocalls See a Spike